The US security publication SC Magazine reports that an online gambling site, which it does not specifically identify, came under a sustained five-vector DDoS attack last Friday that peaked at 100Gbps but was ultimately fought off by cloud-based security resources provider Incapsula.
SC advises that the vectors used in the DDoS attack included a SYN flood, Large SYN flood, NTP amplification, DNS flood, and DNS amplification.
Marc Gaffan, chief business officer and cofounder of Incapsula, told SCMagazine.com that in terms of bandwidth consumption, the DNS flood made up 75 percent of malicious traffic, while the Large SYN flood was responsible for about 20 percent. He said that the other attacks were used mostly as types of smoke screens.
“Dealing with such network attacks requires extensive across-the-board over-provisioning – not only large network pipes, but also large CPU and memory reserves as well as a resilient DNS infrastructure,” Gaffan said.
Gaffan said the attack lasted for longer than 24 hours, but that Incapsula was unable to determine the location of the attackers because they were hiding behind spoofed IP addresses.
Attacks involving four or more vectors are relatively uncommon.
Incapsula reported earlier this year that 81 percent of DDoS attacks were multi-vector, while only 19 percent were single-vector. Breaking it down further, 41.3 percent of attacks used two vectors, 32.1 percent used three vectors, 4.2 percent used four vectors, and only 3.4 percent used five vectors.
“Multi-vector events are becoming more and more common, and for good reason,” Gaffan said. “With the evolution of DDoS protection services, attackers are also stepping up their game, using larger and more sophisticated DDoS threats that are specifically designed to identify and exploit security flaws in protected Internet infrastructures.”